CTF League

OSUSEC

Monday 2nd

Capture The Flag League

web n’ pwn

What’s a webserver

  • it serves
  • and it webs

What do we serve

  • Files
  • Often HTML
  • Over HTTP

General structure

GET /cool_file HTTP/1.1
Host: localhost:8000
User-Agent: Wget/1.25.0
Accept: */*
Accept-Encoding: identity
Connection: Keep-Alive

HTTP/1.1 200 OK

<contents of /cool_file here>

Pretend we implement a server that serves files from /app/public

  • What happens if someone requests //etc/passwd
  • or ../.env
  • etc

This is called “path traversal” and sometimes you gotta urlencode your tricksy path

More complicated websites

  • What if we want to manage state?
  • Each connection its own thread, with local state

Otherwise, cookies

  • Each client saves information
  • Typically the data itself ((un)encrypted) or a key

Otherwise, cookies

  • Client holds information and server reads (and maybe decrypts)
  • Client holds key, and server looks up values at that key

At the end of the day, it’s only as secure as the code

Go forth and read C